I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
SPYCONSOLESETUP.EXE – Unclassified Malware removal
SPYCONSOLESETUP.EXE size: 3515392 bytes
SPYCONSOLESETUP.EXE hash: EE5F4A666772917718AEB3CE07183E8F
Created files:
%TEMP%\IXP000.TMP\ns.exe
%TEMP%\RarSFX0\0001\shell.dos
%TEMP%\RarSFX0\12500852.ssp
%TEMP%\RarSFX0\BDE\bantam.dll
%TEMP%\RarSFX0\BDE\blw32.dll
%TEMP%\RarSFX0\BDE\ceeurope.btl
%TEMP%\RarSFX0\BDE\charset.cvb
%TEMP%\RarSFX0\BDE\europe.btl
%TEMP%\RarSFX0\BDE\idapi32.dll
%TEMP%\RarSFX0\BDE\idapinst.dll
%TEMP%\RarSFX0\BDE\idasci32.dll
%TEMP%\RarSFX0\BDE\iddbas32.dll
%TEMP%\RarSFX0\BDE\iddr32.dll
%TEMP%\RarSFX0\BDE\idr20009.dll
%TEMP%\RarSFX0\BDE\other.btl
%TEMP%\RarSFX0\BDE\usa.btl
%TEMP%\RarSFX0\hl.dll.cpt
%TEMP%\RarSFX0\IJL15.DLL
%TEMP%\RarSFX0\isnf2.dll
%TEMP%\RarSFX0\nspl.dll.cpt
%TEMP%\RarSFX0\options.bak
%TEMP%\RarSFX0\shr.dll
%TEMP%\RarSFX0\SpyConsoleSetup.exe
%TEMP%\RarSFX0\wpcap\4.0\npf.sys
%TEMP%\RarSFX0\wpcap\4.0\npptools.dll
%TEMP%\RarSFX0\wpcap\4.0\Packet.dll
%TEMP%\RarSFX0\wpcap\4.0\pthreadVC.dll
%TEMP%\RarSFX0\wpcap\4.0\WanPacket.dll
%TEMP%\RarSFX0\wpcap\4.0\wpcap.dll
%TEMP%\RarSFX0\wpcap\4.1\npf.sys
%TEMP%\RarSFX0\wpcap\4.1\npptools.dll
%TEMP%\RarSFX0\wpcap\4.1\Packet.dll
%TEMP%\RarSFX0\wpcap\4.1\pthreadVC.dll
%TEMP%\RarSFX0\wpcap\4.1\WanPacket.dll
%TEMP%\RarSFX0\wpcap\4.1\WinPcap_4_1_2.exe
%TEMP%\RarSFX0\wpcap\4.1\wpcap.dll
%TEMP%\RarSFX0\wpcap\npf.sys
%TEMP%\RarSFX0\wpcap\npptools.dll
%TEMP%\RarSFX0\wpcap\Packet.dll
%TEMP%\RarSFX0\wpcap\pthreadVC.dll
%TEMP%\RarSFX0\wpcap\vista\npptools.dll
%TEMP%\RarSFX0\wpcap\vista\Packet.dll
%TEMP%\RarSFX0\wpcap\vista\pthreadVC.dll
%TEMP%\RarSFX0\wpcap\vista\wpcap.dll
%TEMP%\RarSFX0\wpcap\WanPacket.dll
%TEMP%\RarSFX0\wpcap\wpcap.dll
%TEMP%\RarSFX0\wpcap\x64\npf.sys
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 “%TEMP%\IXP000.TMP\”
Detected by UnHackMe:
SPYCONSOLESETUP.EXE
Default location: %TEMP%\RARSFX0\SPYCONSOLESETUP.EXE
Dropper information:
MD5: 1ba4a741245f68d14691bfecf37280d0
File size: 4065280 bytes